At a time when confidence in perimeter security is waning, and organisations are increasingly facing business pressure to adopt cloud strategies and consolidate their data centre resources, the question of how to securely migrate data to public, private, or hybrid cloud environments has become a primary concern. As part of its Secure Breach strategy, SafeNet today announced limited availability of the SafeNet Crypto Hypervisor, enabling organizations to virtualise their crypto resources in an efficient and scalable way, and ensuring that all data can be safely encrypted, even as it moves in a virtualised environment, in order to prevent data loss.
With the SafeNet Crypto Hypervisor, IT departments and service providers can deliver on-demand, elastic key vaulting and encryption services for data protection across physical, virtual, and cloud environments in minutes instead of days. The solution’s high assurance encryption services fit the cloud operations model and the full cost and innovation advantages of virtualisation can be exploited without compromising security or compliance. IT maintains full, centralised control of the delivery of encryption services such as secure key storage. Users have full control of their encryption service, and can be assured that other tenants and administrators cannot access their encryption keys.
“Although encryption is becoming more common, data is only as safe as the keys protecting it,” said Christian Christiansen, Program Vice President of Security Products & Services with IDC. “Storing the keys in special-purpose hardware, such as a hardware security module, is the recommended best practice. However, until now, hardware encryption solutions have not provided sufficient agility and flexibility needed in virtualised and cloud environments. Rolling out a virtual application that requires encryption, signed digital certificates, or other PKI functions can often add days or weeks to a project.”
SafeNet’s Crypto Hypervisor solves these issues by extending and virtualising the market-leading SafeNet Luna SA 5 Hardware Security Module (HSM) to fit into the operational models of virtual and cloud environments. The Crypto Hypervisor can be centrally controlled and configured by crypto administrators using the new SafeNet Crypto Command Centre. The administrators can build a catalogue of services available on the Crypto Hypervisor. Users can now log in to a web portal to view a catalogue of services that they have permission to create. These users can provision the services they need on demand on shared physical hardware. This process can reduce new service rollout from days down to minutes.
SafeNet’s Crypto Hypervisor provides customers with the following benefits:
- Cloud-compatible crypto: Built for the cloud operational model, the Crypto Hypervisor enables organizations to consolidate crypto efforts, eliminate ‘islands of encryption’, and create a more secure and efficient operation. Organisations can use as little as five percent of the hardware they use today for the same amount of encryption services.
- Lower total cost: For the first time, a catalogue of encryption services can be defined by the centralised administration team. Now, different users in different organisations can order these high-assurance key vault services on demand from this online catalogue. New services that used to take days or even weeks to deliver can now be enabled within minutes, and without the intervention of a centralised IT organisation.
- Central control: The Crypto Command Centre can manage hundreds of independent virtualised HSMs. Strong audit controls with tamper-evident, digitally-signed logs are maintained for all functions. This centralised control and logging allows customers to build a centre of excellence around encryption and simplify the audit process.
- The most secure key vault available: The Crypto Hypervisor technology virtualizes the field-proven and trusted SafeNet Luna HSMs, which currently provide protection for over $1 trillion in daily financial transactions; offer five nines of availability; and are trusted by enterprises and governments around the world.
“The move to virtualisation and cloud has revolutionised the way we store and protect data. This necessitates a similar revolution in the way in which crypto resources are shared and managed. Prior to the introduction of Crypto Hypervisor, it was a very manual and slow process for IT departments to deliver encryption services in the cloud, which slowed cloud adoption. Now, starting an encryption service is equivalent to a simple process like spinning up a new VM.” said Tsion Gonen, Chief Strategy Officer, SafeNet.